India - In a fresh advisory issued to the troops posted at the international border, the Intelligence Bureau (IB) has warned that China could be collecting vital information about the Indian security installations through its popular mobile phone apps and devices...
The IB advisory contains a list of about 42 popular Chinese apps, including: WeChat, Truecaller, Weibo, UC Browser and UC News, which pose a grave threat to India's security. more
Wednesday, November 29, 2017
Serious Mac Security Flaw - Simple Temporary Fix
A serious security flaw in mac OS High Sierra has been discovered.
It allows anyone to access high level security areas on an iMac or MacBook without the need for a password.
Apple has warned Mac users after a serious macOS High Sierra root bug was discovered and ahead of a fix being released you can take these steps to protect your iMac and MacBook immediately.
Apple said: “We are working on a software update to address this issue." In the meantime, setting a root password prevents unauthorized access to your Mac.
• To enable the Root User and set a password, please follow the instructions here.
If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section. more
UPDATE — THE FIX IS IN
Apple issues the software update. more
It allows anyone to access high level security areas on an iMac or MacBook without the need for a password.Apple has warned Mac users after a serious macOS High Sierra root bug was discovered and ahead of a fix being released you can take these steps to protect your iMac and MacBook immediately.
Apple said: “We are working on a software update to address this issue." In the meantime, setting a root password prevents unauthorized access to your Mac.
• To enable the Root User and set a password, please follow the instructions here.
If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section. more
UPDATE — THE FIX IS IN
Apple issues the software update. more
Industrial Espionage – Uber Spy Team – Former CIA Agents
A former Uber security manager says an espionage team inside the ride-hailing service used former CIA agents to help the company spy on its rivals overseas.
The testimony in a San Francisco courtroom Tuesday comes amid revelations that federal prosecutors are investigating allegations that Uber deployed an espionage team to plunder trade secrets from its rivals. That has triggered a delay in a high-profile federal trial over whether the beleaguered ride-hailing service stole self-driving car technology from a Google spinoff.
Under questioning, Richard Jacobs, Uber's manager of global intelligence, said that Uber hired several contractors that employed former CIA agents to help the ride-hailing service infiltrate its rivals' computers. Jacobs said the surveillance occurred overseas. more
The testimony in a San Francisco courtroom Tuesday comes amid revelations that federal prosecutors are investigating allegations that Uber deployed an espionage team to plunder trade secrets from its rivals. That has triggered a delay in a high-profile federal trial over whether the beleaguered ride-hailing service stole self-driving car technology from a Google spinoff.Under questioning, Richard Jacobs, Uber's manager of global intelligence, said that Uber hired several contractors that employed former CIA agents to help the ride-hailing service infiltrate its rivals' computers. Jacobs said the surveillance occurred overseas. more
Tuesday, November 28, 2017
Netflix Documentary - The Motel Owner Who Spied on Guests
But first... A bit of history.
A pair of filmmakers thought they’d be capturing celebrated writer Gay Talese taking a literary victory lap in their new documentary. Instead, they got something more like a journalistic car crash.
In the intriguing and thoughtful “Voyeur,” Myles Kane and Josh Koury explore the 30-year relationship between Gerald Foos, a former Colorado motel owner who spied on his guests, and Talese, known for his novelistic profiles and bespoke suits.
The Netflix film, which debuts Friday, follows Talese as he reports and writes about his creepy friend for the 2016 book, “The Voyeur’s Motel,” only to see the story fall apart after publication when Foos’ account unravels...
Talese and Foos first connected in 1980 when the motel owner sent the journalist a letter hoping he would share his story of secretly watching guests for years through ceiling vents — in the interest of science, of course. more
A pair of filmmakers thought they’d be capturing celebrated writer Gay Talese taking a literary victory lap in their new documentary. Instead, they got something more like a journalistic car crash.
In the intriguing and thoughtful “Voyeur,” Myles Kane and Josh Koury explore the 30-year relationship between Gerald Foos, a former Colorado motel owner who spied on his guests, and Talese, known for his novelistic profiles and bespoke suits.The Netflix film, which debuts Friday, follows Talese as he reports and writes about his creepy friend for the 2016 book, “The Voyeur’s Motel,” only to see the story fall apart after publication when Foos’ account unravels...
Talese and Foos first connected in 1980 when the motel owner sent the journalist a letter hoping he would share his story of secretly watching guests for years through ceiling vents — in the interest of science, of course. more
Artifical Intelligence for Smartphones Catches Shoulder Surfers
Video Google researchers claim to have developed an "electronic screen protector" that can alert you when nosy parkers are looking over your shoulder at your phone.
Essentially, it's machine-learning-powered software that can use the front-facing camera on a smartphone to pick out faces, identify anyone who isn't the owner, and if they are gazing at the screen, alert the user that there's someone behind them snooping on their texts or web browsing, and so on, all in real time.
The Googlers' work on this technique – which appears to be just an academic project at this stage rather than an upcoming feature – will be presented at the Neural Information Processing Systems (NIPS) conference next week in California. more
Sony and a few other companies were working on this about seven years ago. (see the patent)
Essentially, it's machine-learning-powered software that can use the front-facing camera on a smartphone to pick out faces, identify anyone who isn't the owner, and if they are gazing at the screen, alert the user that there's someone behind them snooping on their texts or web browsing, and so on, all in real time.The Googlers' work on this technique – which appears to be just an academic project at this stage rather than an upcoming feature – will be presented at the Neural Information Processing Systems (NIPS) conference next week in California. more
Sony and a few other companies were working on this about seven years ago. (see the patent)
Sunday, November 26, 2017
KRACK Attack Leaves WPA2 WiFi Encryption Hacked - Do this...
The video below explains Key Reinstallation Attacks (aka KRACK), for the technically curious.
The short story is your communications privacy over WiFi is at risk. This includes your:
Solutions
Risk Levels
Your risk of being a victim is highest whenever you use a public WiFi system. Risk is also high in densely populated areas.
The short story is your communications privacy over WiFi is at risk. This includes your:
- emails,
- texts,
- photos,
- log-in ID's and passwords,
- credit card numbers,
- and even your communications to websites which normally use https:// encryption.
Solutions
- Update your system software to the latest version. This includes all your devices which use WiFi.)
- Update software on WiFi appearance points (APs) which implement the standard 802.11r (a.k.a. Fast-BSS Transition). This affects business WiFi more than residential WiFi.
- Upon connecting to a website make sure you see https:// and the locked symbol.
Risk Levels
Your risk of being a victim is highest whenever you use a public WiFi system. Risk is also high in densely populated areas.
Saturday, November 25, 2017
Spy Plants, or Mr. Potato Head Goes to Washington
DARPA’s Biological Technologies Office (BTO) is hosting a Proposers Day to provide information to potential proposers on the objectives of the upcoming Advanced Plant Technologies program.
The program aims to control and direct plant physiology to detect chemical, biological, radiological, and/or nuclear threats, as well as electromagnetic signals.
Plant sensors developed under the program will sense specific stimuli and report these signals with a remotely recognized phenotype detectable by existing hardware platforms. more
The Proposers Day will be held on Tuesday, December 12, 2017, from 8:00 AM – 4:30 PM ET at the Westin Arlington Gateway Hotel, Arlington, VA 22203; potential proposers also have the option of participating via webcast. Advance registration is required. The registration deadline to attend in person is Wednesday, December 6, 2017, at 12:00 PM ET, and the deadline for the webcast is Monday, December 11, 2017, at 12:00 PM ET. Please register at: https://events.sa-meetings.com/APTProposersDay. There will be no on-site registration.
Extra Credit: Robot-Plant Biohybrids Growing in European Laboratories
The program aims to control and direct plant physiology to detect chemical, biological, radiological, and/or nuclear threats, as well as electromagnetic signals.Plant sensors developed under the program will sense specific stimuli and report these signals with a remotely recognized phenotype detectable by existing hardware platforms. more
The Proposers Day will be held on Tuesday, December 12, 2017, from 8:00 AM – 4:30 PM ET at the Westin Arlington Gateway Hotel, Arlington, VA 22203; potential proposers also have the option of participating via webcast. Advance registration is required. The registration deadline to attend in person is Wednesday, December 6, 2017, at 12:00 PM ET, and the deadline for the webcast is Monday, December 11, 2017, at 12:00 PM ET. Please register at: https://events.sa-meetings.com/APTProposersDay. There will be no on-site registration.
Extra Credit: Robot-Plant Biohybrids Growing in European Laboratories
Buy an App - Bug a Phone
Commercial spying apps for Android devices are being openly advertised on Google and – upon installation – can be used to snoop on text messages, calls and Facebook chats.
While they are advertised as a way for parents to keep track of their children, or businesses to watch employees, experts warn they could be used for more nefarious – potentially illegal – purposes. According to security firm Kaspersky Lab, the popularity of such services is spiking.
Now, there is often no need for the dark web or sophisticated hacking attacks – surveillance software can be quickly discovered with a simple Google search and purchased online for well under £100 ($133.00)...
One company, FlexiSpy, was even advertising 20% off its services for 2017's Black Friday. more
There is also an app to detect this.
While they are advertised as a way for parents to keep track of their children, or businesses to watch employees, experts warn they could be used for more nefarious – potentially illegal – purposes. According to security firm Kaspersky Lab, the popularity of such services is spiking.Now, there is often no need for the dark web or sophisticated hacking attacks – surveillance software can be quickly discovered with a simple Google search and purchased online for well under £100 ($133.00)...
One company, FlexiSpy, was even advertising 20% off its services for 2017's Black Friday. more
There is also an app to detect this.
EU: Spying Technology Export Control
EU lawmakers overwhelmingly backed plans on Thursday to control exports of devices to intercept mobile phone calls, hack computers or circumvent passwords that could be used by foreign states to suppress political opponents or activists...
The EU has felt that spyware or malware and telecom of Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance. more
The EU has felt that spyware or malware and telecom of Internet surveillance technologies are increasingly threatening security and human rights and proposed a modernization of its export control system to cover cyber-surveillance. more
 |
| Meanwhile, on Alibaba. |
Friday, November 24, 2017
Netflix Spy Movies for the Holiday Weekend
Click for the trailers...
For some interesting real-life business espionage shorts, visit counterespionage.com/resources/movies.
- Spy Hard
- The Spy Who Went Into the Cold
- Tinker Tailor Soldier Spy
- Inglourious Basterds
- Burn After Reading
- The Debt
- XXX
- and elsewhere for a few cents more one of my favorites... Top Secret.
Check Your Local Laws Before Recording
PA - A Franklin County jury took just seven minutes to return a guilty verdict against Chambersburg man William Alexander Himchak III on felony counts of illegal wiretapping. Himchak, 50, recorded two phone calls with tax officials, then posted them online, violating the wiretap act laws that require both people to consent to a recording before the recording has started. more
Spybuster Tip #105: In the United States, federal law requires that only one party to a conversation has to consent to the recording of the conversation. Some states, however, require two parties (meaning ALL parties) need to consent. Pennsylvania is a two party state. You can discover what the legal requirements are in your state here.
If you are concerned your office is bugged visit counterespionage.com.
Spybuster Tip #105: In the United States, federal law requires that only one party to a conversation has to consent to the recording of the conversation. Some states, however, require two parties (meaning ALL parties) need to consent. Pennsylvania is a two party state. You can discover what the legal requirements are in your state here.
If you are concerned your office is bugged visit counterespionage.com.
Thursday, November 23, 2017
Google Android Tracking You - Bad News / Good News / Bad News
Bad News...
Your phone knows where you are at pretty much all times. This is no surprise—that's part of the appeal. But while there are options to disable GPS and Location Services in the settings of Android phones, this won't stop Google from knowing where you are. Short of turning off your phone, there's actually no real way.
New details about the length to which Google tracks Android phones surfaced today from Quartz, which reports that Android phones will track your location even if you disable location services and even if you aren't logged into the phone...
Good News...
The practical effect of this is that, so long as your Android phone is on and not inside a Faraday cage, your location data is being communicated. Google told Quartz that this practice has existed for 11 months, but that the information was never stored or used and furthermore that the process will now be ended.
Bad News...
While the practice is just generally creepy, it also can have profound legal implications. Loose restrictions allow law enforcement in many states to obtain cell tower location information without a warrant until an upcoming Supreme Court case will ultimately decide if this will remain legal. In the meantime, there's nothing much to do besides be aware of how much and how easily your phone may be tracking you. If you really want privacy, you'll just have to turn the thing all the way off. more
Your phone knows where you are at pretty much all times. This is no surprise—that's part of the appeal. But while there are options to disable GPS and Location Services in the settings of Android phones, this won't stop Google from knowing where you are. Short of turning off your phone, there's actually no real way.
New details about the length to which Google tracks Android phones surfaced today from Quartz, which reports that Android phones will track your location even if you disable location services and even if you aren't logged into the phone...Good News...
The practical effect of this is that, so long as your Android phone is on and not inside a Faraday cage, your location data is being communicated. Google told Quartz that this practice has existed for 11 months, but that the information was never stored or used and furthermore that the process will now be ended.
Bad News...
While the practice is just generally creepy, it also can have profound legal implications. Loose restrictions allow law enforcement in many states to obtain cell tower location information without a warrant until an upcoming Supreme Court case will ultimately decide if this will remain legal. In the meantime, there's nothing much to do besides be aware of how much and how easily your phone may be tracking you. If you really want privacy, you'll just have to turn the thing all the way off. more
Wednesday, November 22, 2017
Voyeur Hides Spycam in Starbucks Toilet
A hidden camera recorded customers using the toilet in a branch of Starbucks for up to a month.
The small device was found in the ceiling of the coffee shop close to the headquarters of MI6 in south London.
Police believe the camera was planted by a voyeur who apparently captured himself on film in the process.
It had recorded several video files of members of the public using the only customer toilet at the store in Vauxhall, detectives revealed.
They believe the camera had been installed for a maximum of four weeks "for the purpose of voyeurism".
It was seized by police after a member of the public discovered it in a ceiling grate. more
It is surprising how many spycam'ers are caught because they captured themselves during the installation. This guy gets our Darwin Award.
Spybusters Tip #361: Do-it-yourself Technical Surveillance Countermeasures (TSCM) for spy cameras by "members of the public" can be very effective. One just needs to know where to look, and what to look for. Learning the wheres and whats is easy. Check here for more information.
Video voyeurism is a foreseeable issue. Any business offering customers, visitors, and employees access to expectation of privacy areas (restrooms, changing areas, showers, etc.) has a duty of care to protect them against spycams.
Spybuster Tip #362: Management, train your security and facilities personnel how to conduct and document due diligence video voyeurism inspections to detect spycams on a regular basis. Just think of the legal fees, and PR damage this will save you.
The small device was found in the ceiling of the coffee shop close to the headquarters of MI6 in south London.
Police believe the camera was planted by a voyeur who apparently captured himself on film in the process.It had recorded several video files of members of the public using the only customer toilet at the store in Vauxhall, detectives revealed.
They believe the camera had been installed for a maximum of four weeks "for the purpose of voyeurism".
It was seized by police after a member of the public discovered it in a ceiling grate. more
It is surprising how many spycam'ers are caught because they captured themselves during the installation. This guy gets our Darwin Award.
Spybusters Tip #361: Do-it-yourself Technical Surveillance Countermeasures (TSCM) for spy cameras by "members of the public" can be very effective. One just needs to know where to look, and what to look for. Learning the wheres and whats is easy. Check here for more information.
Video voyeurism is a foreseeable issue. Any business offering customers, visitors, and employees access to expectation of privacy areas (restrooms, changing areas, showers, etc.) has a duty of care to protect them against spycams.
Spybuster Tip #362: Management, train your security and facilities personnel how to conduct and document due diligence video voyeurism inspections to detect spycams on a regular basis. Just think of the legal fees, and PR damage this will save you.
Tuesday, November 21, 2017
The Patek Philippe Wiretapping Device
Patek Philippe is known for making some of the highest quality (and most expensive) watches in the world. But at some point, it also turned out an unexpected device: a wiretapping machine.
One of the lots in Antiquorum’s recent watch auction in Geneva was the Patek Philippe ZL 4 N and ZG 4, two desktop modules which the listing describe as “a fine and very rare, electronic wiretapping device and clock used by the Swiss police.” Hodinkee’s Jack Forster points out that it looks not unlike a clock synchronizing apparatus: the higher unit could be used to set the time, while the lower one has plugins for four coordinating timepieces.
But with all the testing, research, and verification that goes into high-end auctions (the units sold for CHF 11,250, about $11,366 at current exchange), this thing probably was used for what Antiquorum says it was: to listen in on the conversations of whoever was committing high crime in the world’s most famous neutral nation. As for having the Patek Philippe name attached, well, at least the Swiss police could count on knowing exactly what time any espionage they overheard was going to occur. more
Additional Information from a 2009 auction...
Description: Two Patek Philippe Master Clocks A. Electronic Master Clock Patek Philippe, Genève, Model L4031. Made circa 1975. Very fine, Electronic Center Seconds Master Clock. B. Digital Time Display Master Clock Patek Philippe, No. 841637 & No. 851900, Model ZG 4 & ZL 4. Made in the 1970s. Fine and rare, electric 110/220v aluminium and blue coated LED digital master clock display with day and month indication and control unit. To be sold without reserve C. Rectangular with two handles, wood-effect sides. D. Black with Arabic numerals, outer minute divisions, outer Arabic fivesecond numerals and divisions, brushed fascia with buttons for adjusting the 1/10 and 1/1000 seconds. White baton hands. M. Electronic, a very powerful Master Clock System capable of controlling an almost unlimited number of "slave" clocks and can be regulated to 1/1000th of a second. Dial and case signed. more
 |
| Auction Page |
But with all the testing, research, and verification that goes into high-end auctions (the units sold for CHF 11,250, about $11,366 at current exchange), this thing probably was used for what Antiquorum says it was: to listen in on the conversations of whoever was committing high crime in the world’s most famous neutral nation. As for having the Patek Philippe name attached, well, at least the Swiss police could count on knowing exactly what time any espionage they overheard was going to occur. more
Additional Information from a 2009 auction...
Description: Two Patek Philippe Master Clocks A. Electronic Master Clock Patek Philippe, Genève, Model L4031. Made circa 1975. Very fine, Electronic Center Seconds Master Clock. B. Digital Time Display Master Clock Patek Philippe, No. 841637 & No. 851900, Model ZG 4 & ZL 4. Made in the 1970s. Fine and rare, electric 110/220v aluminium and blue coated LED digital master clock display with day and month indication and control unit. To be sold without reserve C. Rectangular with two handles, wood-effect sides. D. Black with Arabic numerals, outer minute divisions, outer Arabic fivesecond numerals and divisions, brushed fascia with buttons for adjusting the 1/10 and 1/1000 seconds. White baton hands. M. Electronic, a very powerful Master Clock System capable of controlling an almost unlimited number of "slave" clocks and can be regulated to 1/1000th of a second. Dial and case signed. more
Now Playing - The Science Behind Spying
The Science Behind Spying is a 1960's documentary to educate viewers on the past history of the US and how spying played a role in it. more
Subscribe to:
Posts (Atom)